@Test
public void abuseWeaknessNoNamespaceIdTest() throws Exception {
SoapTestDocument soap = new SoapTestDocument();
Document doc = soap.getDocument();
Element signed = soap.getDummyPayloadBody();
String id = "signed";
Attr idAttr = doc.createAttribute("ID");
idAttr.setTextContent(id);
signed.setAttributeNode(idAttr);
Element payload = (Element) signed.cloneNode(true);
soap.getHeader().appendChild(payload);
String xpath = "/soapenv:Envelope//*[@ID='" + id + "']";
log.info("Using XPath: " + xpath);
AbsoluteLocationPath abs = new AbsoluteLocationPath(xpath);
Step step = abs.getRelativeLocationPaths().get(2);
XPathAttributeWeaknessPostProcess aw = new XPathAttributeWeaknessPostProcess(step);
assertEquals(3, aw.getNumberOfPossibilities());
Attr sa, pa;
aw.abuseWeakness(0, new SignedElement(signed, null), new PayloadElement(payload, null));
log.info("abuseWeakness(0, signed, payload)\n" + domToString(doc, true));
sa = signed.getAttributeNode("ID");
pa = payload.getAttributeNode("ID");
assertNotNull(sa);
assertNotNull(pa);
assertEquals(sa.getTextContent(), id);
assertFalse(pa.getTextContent().isEmpty());
assertFalse(pa.getTextContent().equals(id));
assertFalse(sa.getTextContent().equals(pa.getTextContent()));
aw.abuseWeakness(2, new SignedElement(signed, null), new PayloadElement(payload, null));
log.info("abuseWeakness(2, signed, payload)\n" + domToString(doc, true));
sa = signed.getAttributeNode("ID");
pa = payload.getAttributeNode("ID");
assertNotNull(sa);
assertNotNull(pa);
assertEquals(sa.getTextContent(), id);
assertFalse(pa.getTextContent().isEmpty());
assertEquals(sa.getTextContent(), pa.getTextContent());
aw.abuseWeakness(1, new SignedElement(signed, null), new PayloadElement(payload, null));
log.info("abuseWeakness(1, signed, payload)\n" + domToString(doc, true));
sa = signed.getAttributeNode("ID");
pa = payload.getAttributeNode("ID");
assertNotNull(sa);
assertNull(pa);
assertEquals(sa.getTextContent(), id);
}
@Test
public void isAncestorTest() {
SoapTestDocument soap = new SoapTestDocument();
soap.getDummyPayloadBody();
// okay
assertEquals(1, isAncestorOf(soap.getEnvelope(), soap.getHeader()));
assertEquals(1, isAncestorOf(soap.getEnvelope(), soap.getBody()));
assertEquals(2, isAncestorOf(soap.getEnvelope(), soap.getDummyPayloadBody()));
// wrong -> isDescendantOf
assertEquals(-1, isAncestorOf(soap.getHeader(), soap.getEnvelope()));
assertEquals(-1, isAncestorOf(soap.getBody(), soap.getEnvelope()));
assertEquals(-1, isAncestorOf(soap.getDummyPayloadBody(), soap.getEnvelope()));
// wrong -> isSelf
assertEquals(0, isAncestorOf(soap.getHeader(), soap.getHeader()));
}